logstash-filter-geoip 4.2.1-java → 4.3.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ade36a96e99e9321038609cd3e6a360685e22a98
-  data.tar.gz: 0d61ed34fe865e751147221536e7b7162982914d
+  metadata.gz: 9629d03788dadbb35ba06f83f1a15f89fa824c68
+  data.tar.gz: 58baa3b460c42816f203c3ac9085d39b428a566e
 SHA512:
-  metadata.gz: f8094a7fe3575169d6adf227e7e008c7b18f74c863d0141eff1f6e7aa4c8cfbcb63b5ad0191cbbcbee54ab18b714a87616c92fc311d44fb814c31a989effc87d
-  data.tar.gz: 57a883f6766dc26269bc10eeae960f74e1748e024fa9b003381ff8e35315f3bb79c3da0a7788b2f54118e9bc8d65c096d1411cda73c5dd8dd32c199683e66b2b
+  metadata.gz: cb29ef2b212a5aadddd187d0173364467d91e099c72f8b8e2e06ea6b2cd6fd09e01746daa3ac5d0287562487c79a9b67242f7be4ca04dac4d9e99a42d826f80c
+  data.tar.gz: 57686c233607989cccb83c36835444128f3c63db477da18484787ad56f45230625b42d3551e7051c97b52a1ff6d31584c2cdae57a2c04c5e7c7c2cd193a5d65e

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 4.3.0
+  - Bundle the GeoLite2-ASN database by default
+  - Add default_database_type configuration option to allow selection between the GeoLite2-City and GeoLote2-ASN databases.
+
 ## 4.2.0
   - Add support for GeoLite2-ASN database from Maxmind for ASN data.
   - Update Java dependencies to 2.9.0 to support the new ASN database.

data/docs/index.asciidoc

@@ -12,7 +12,7 @@ START - GENERATED VARIABLES, DO NOT EDIT!
 END - GENERATED VARIABLES, DO NOT EDIT!
 ///////////////////////////////////////////
 
-[id="plugins-{type}-{plugin}"]
+[id="plugins-{type}s-{plugin}"]
 
 === Geoip filter plugin
 
@@ -25,14 +25,14 @@ based on data from the Maxmind GeoLite2 databases.
 
 ==== Supported Databases
 
-This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description -- 
-"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s 
+This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description --
+"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s
 GeoIP2 databases". Please see GeoIP Lite2 license for more details.
 
 https://www.maxmind.com/en/geoip2-databases[Commercial databases] from Maxmind are also supported in this plugin.
 
-If you need to use databases other than the bundled GeoLite2 City, you can download them directly 
-from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases 
+If you need to use databases other than the bundled GeoLite2 City, you can download them directly
+from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases
 can be downloaded from https://dev.maxmind.com/geoip/geoip2/geolite2[here].
 
 If you would like to get Autonomous System Number(ASN) information, you can use the GeoLite2-ASN database.
@@ -72,6 +72,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-cache_size>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-database>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-default_database_type>> |`City` or `ASN`|No
 | <<plugins-{type}s-{plugin}-fields>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-source>> |<<string,string>>|Yes
 | <<plugins-{type}s-{plugin}-tag_on_failure>> |<<array,array>>|No
@@ -84,7 +85,7 @@ filter plugins.
 &nbsp;
 
 [id="plugins-{type}s-{plugin}-cache_size"]
-===== `cache_size` 
+===== `cache_size`
 
   * Value type is <<number,number>>
   * Default value is `1000`
@@ -105,7 +106,7 @@ to having multiple caches for different instances at different points in the pip
 number of cache misses and waste memory.
 
 [id="plugins-{type}s-{plugin}-database"]
-===== `database` 
+===== `database`
 
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -117,8 +118,17 @@ GeoIP2-City, GeoIP2-ISP, GeoIP2-Country are the commercial databases from Maxmin
 If not specified, this will default to the GeoLite2 City database that ships
 with Logstash.
 
+[id="plugins-{type}s-{plugin}-default_database_type"]
+===== `default_database_type`
+
+This plugin now includes both the GeoLite2-City and GeoLite2-ASN databases.  If `database` and `default_database_type` are unset, the GeoLite2-City database will be selected.  To use the included GeoLite2-ASN database, set `default_database_type` to `ASN`.
+
+  * Value type is <<string,string>>
+  * The default value is `City`
+  * The only acceptable values are `City` and `ASN`
+
 [id="plugins-{type}s-{plugin}-fields"]
-===== `fields` 
+===== `fields`
 
   * Value type is <<array,array>>
   * There is no default value for this setting.
@@ -155,7 +165,7 @@ to having multiple caches for different instances at different points in the pip
 number of cache misses and waste memory.
 
 [id="plugins-{type}s-{plugin}-source"]
-===== `source` 
+===== `source`
 
   * This is a required setting.
   * Value type is <<string,string>>
@@ -165,7 +175,7 @@ The field containing the IP address or hostname to map via geoip. If
 this field is an array, only the first value will be used.
 
 [id="plugins-{type}s-{plugin}-tag_on_failure"]
-===== `tag_on_failure` 
+===== `tag_on_failure`
 
   * Value type is <<array,array>>
   * Default value is `["_geoip_lookup_failure"]`
@@ -173,7 +183,7 @@ this field is an array, only the first value will be used.
 Tags the event on failure to look up geo information. This can be used in later analysis.
 
 [id="plugins-{type}s-{plugin}-target"]
-===== `target` 
+===== `target`
 
   * Value type is <<string,string>>
   * Default value is `"geoip"`
@@ -193,4 +203,4 @@ is still valid GeoJSON.
 
 
 [id="plugins-{type}s-{plugin}-common-options"]
-include::{include_path}/{type}.asciidoc[]
+include::{include_path}/{type}.asciidoc[]

data/lib/logstash/filters/geoip.rb

@@ -33,12 +33,15 @@ require "logstash-filter-geoip_jars"
 class LogStash::Filters::GeoIP < LogStash::Filters::Base
   config_name "geoip"
 
-  # The path to the GeoLite2 database file which Logstash should use. Only City database is supported by now.
+  # The path to the GeoLite2 database file which Logstash should use. City and ASN databases are supported.
   #
   # If not specified, this will default to the GeoLite2 City database that ships
   # with Logstash.
   config :database, :validate => :path
 
+  # If using the default database, which type should Logstash use.  Valid values are "City" and "ASN", and case matters.
+  config :default_database_type, :validate => ["City","ASN"], :default => "City"
+
   # The field containing the IP address or hostname to map via geoip. If
   # this field is an array, only the first value will be used.
   config :source, :validate => :string, :required => true
@@ -104,7 +107,7 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
   public
   def register
     if @database.nil?
-      @database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2-City.mmdb")).first
+      @database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2-#{@default_database_type}.mmdb")).first
 
       if @database.nil? || !File.exists?(@database)
         raise "You must specify 'database => ...' in your geoip filter (I looked for '#{@database}')"

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '4.2.1'
+  s.version         = '4.3.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "$summary"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_spec.rb

@@ -3,8 +3,6 @@ require "logstash/devutils/rspec/spec_helper"
 require "logstash/filters/geoip"
 
 CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
-# this is downloaded in build dir so we don't accidentally package this database when creating a gem
-ASNDB = ::Dir.glob(::File.expand_path("../../build/GeoLite2-ASN_*", ::File.dirname(__FILE__))+"/GeoLite2-ASN.mmdb").first
 
 describe LogStash::Filters::GeoIP do
 
@@ -39,7 +37,7 @@ describe LogStash::Filters::GeoIP do
       filter {
         geoip {
           source => "ip"
-          #database => "#{CITYDB}"
+          # database => "#{CITYDB}"
           target => src_ip
           add_tag => "done"
         }
@@ -273,7 +271,8 @@ describe LogStash::Filters::GeoIP do
       filter {
         geoip {
           source => "ip"
-          database => "#{ASNDB}"
+          # database => "" # use the bundled ASN
+          default_database_type => "ASN"
         }
       }
     CONFIG

data/vendor/LICENSE.txt

@@ -0,0 +1,3 @@
+This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/.
+
+This database incorporates GeoNames [http://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 3.0 License. To view a copy of this license, visit http://www.creativecommons.org/licenses/by/3.0/us/.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 4.2.1
+  version: 4.3.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-23 00:00:00.000000000 Z
+date: 2017-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -77,7 +77,9 @@ files:
 - logstash-filter-geoip.gemspec
 - maxmind-db-NOTICE.txt
 - spec/filters/geoip_spec.rb
+- vendor/GeoLite2-ASN.mmdb
 - vendor/GeoLite2-City.mmdb
+- vendor/LICENSE.txt
 - vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2/maxmind-db-1.2.2.jar
 - vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.9.0/geoip2-2.9.0.jar
 - vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/4.2.0/logstash-filter-geoip-4.2.0.jar